A quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine the impact of CVE-2022-0847 on their company's infrastructure.

AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.

Having Contributor access to an Azure Resource Manager (ARM) API Connection would allow you to create arbitrary role assignments as the connected user. This was supposed to be limited to actions at the Resource Group level, but an attacker could escape to the Subscription or Root level with a path traversal payload.

Undocumented functionality in Azure Active Directory allows a group of Microsoft OAuth client applications to obtain special "family refresh tokens", which can be redeemed for bearer tokens as any other client in the family.

This post covers how a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.

Users able to create a pod could have abused these to (1) escape their pod and compromise the underlying node, (2) escalate privileges and become full cluster administrators, and (3) covertly persist administrative access through backdoors that are completely invisible to cluster operators.

Post showcasing an approach aimed at automating the provisioning of narrowly-scoped and short-lived pull secrets within Kubernetes environments thanks to HashiCorp Vault.

How to triage a malicious image containing a piece of malware previously undetected in VirusTotal.

A new technique to escape privileged containers.

Learn how to set up an AWS EKS cluster with Terraform and leverage best practices to configure roles, service accounts, logging, and auditing.

HCP Packer provides automation, collaboration, and security for managing images across multiple clouds. It includes image security and compliance workflows with Terraform Cloud.

From the statement: "As a recognized leader in strategic security advisory and incident response services, Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cybersecurity with the largest organizations in the world."

Network security testing for DevSecOps workflows.

A Docker + Kubernetes network trouble-shooting swiss-army container.

The Kubernetes Security Profiles Operator.

Pinniped is the easy, secure way to log in to your Kubernetes clusters.

A Go package that lets you run code after your Lambda function has returned its response. Potential use cases: flushing telemetry, audit logs, etc.

How to use the machine learning capabilities of Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) to detect and visualize anomalies in AWS WAF logs.

How to integrate Amazon WorkMail with an email security gateway. Configuring WorkMail this way can provide a versatile defense strategy for inbound email threats.

How to automate creating multiple AWS accounts in AWS Control Tower, and how to automate assigning user access to the AWS accounts in AWS SSO, with the ability to repeat the process easily for subsequent batches of accounts.

The latest release of Autonomic Security Operations includes a variety of initiatives and investments, from the launch of a Public Sector solution, a Community Security Analytics repository, to a fully comprehensive technology stack.

Account defender, available today in public preview, is a feature in reCAPTCHA Enterprise that analyzes the patterns of behavior for an individual account.

Learn more about how declarative export allows you to export the current state of your infrastructure into a descriptive file compatible with Terraform.

Receiving Distributed Denial of Service (DDoS) attack threats? This guide provides an overview of what Microsoft provides at the platform level, information on recent mitigations, and best practices.

Article presenting a solution for processing credit card payments makes use of confidential virtual machines (CVMs) running on AMD Secure Encrypted Virtualization (SEV) - Secure Nested Paging (SNP) technology.